How cyber criminals get personal with you and your business

Last year there were more than 700 social media and email hacking incidents reported in the South West of England, amounting to a staggering £635,000 in losses, according to the Action Fraud National Fraud Intelligence Bureau (NFIB).




Take a moment to think about the contents of your personal email and social media accounts. What would an online intruder find? One or more of the following is likely - health records, banking information, holiday photos, your date of birth and address.


And how about your business accounts? No doubt there will be plenty of confidential documents, employee and customer details and financial projections which a hacker would love to get their horrible hands on. And if they do, they can use this valuable data to:

  • Send messages containing malicious links to your connections

  • Trick friends, customers and other connections into sending them money by pretending they’re you

  • Extort you for money in exchange for restoring access to your account but there’s no guarantee it will be as you left it

With social media accounts, phishing is the most common method to launch an attack against unsuspecting victims. Motives can vary from financial gain, revenge or even personal amusement. We’d also advise to be cautious of social media messages that ask for your login details or authentication codes, even if the message appears to be from someone you know. If it looks and sounds phishy, it usually is.


How to keep hackers out:

  • Secure your email accounts – if they get in, they could reset your other account passwords and access private information such as contacts, messages or photos.

Set a strong email password that is different to other ones you use. This will make it harder to for an intruder crack. On average it takes an attacker less than six hours to guess a password. Using three random words is a good way to create a secure and unique password that you will remember.


How to change your email password:


· Gmail

· Yahoo!

· Outlook

· BT

· AOL


  • Enable two-factor authentication (2FA) - this a way of double checking that you are the intended user of an account. A verification code is sent (sometimes through an authenticator app) to a second factor that only you can access before you can get into your service account. If a hacker already has your password, this will prevent them from accessing your email or social platforms.


How to turn on two-factor authentication (2FA) for:

Email accounts:

Social media accounts:


Action to take if an account is hacked


Speed is key here should the worst happen. The NCSC has put together these eight steps to help you try to recover an account you’ve been blocked out of by a cyber criminal.


We offer more guidance completely free of charge, so you don’t have to get your cyber security up to speed on your own. We have more than 300 core members from across Somerset, Dorset, Devon, Cornwall, Wiltshire, Gloucestershire and Bristol who benefit from regular, local updates and advice. Join our community and sign up for core membership to see how easy it is to build on your business resilience.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.